Hi,

Recently I did some testing. I tried omelasticsearch but I stopped using
the direct output plugin in favor of the logstash push agent.

a) I won't connect the logserver to the els cluster directly (because of
security).

a1) There are also SIGSEGV issues when setting configuration parameters
of omelasticsearch.

b) logstash has better functionality for parsing and mangling data before
it is pushed to els.

c) els clients are very sensitive to input data. There was a case when
there was binary data in the logs; it could not be pushed and the whole
cluster crashed because of this.

Feb 13 19:30:19 127.0.0.1 sshd[22862]: Invalid user imu\361oz from a.b.c.d
Feb 13 19:30:19 127.0.0.1 sshd[22862]: pam_krb5(sshd:auth):
authentication failure; logname=imu�oz uid=0 euid=0 tty=ssh ruser=
rhost=a.b.c.d

That's also why I switched to logstash with:

tr -c '[:print:][:cntrl:]' '?' | $JAVA_HOME/bin/java $JAVA_OPTS -jar $JAR agent -f lsloader-stdin.conf

On 10.4.2012 12:56, Rainer Gerhards wrote:
> Hi all,
> 
> I am doing some experimental work on ElasticSearch integration. I started off
> with a contribution and will extend it in the coming days/weeks. I wonder who
> else is interested in that topic? Actually, I'd like to get feedback both on
> suggested/required features as well as some folks who test out things that
> have been implemented.
> 
> Someone out here? Please feel free to share/forward this mail if you happen
> to know somebody else.
_______________________________________________
rsyslog mailing list
http://lists.adiscon.net/mailman/listinfo/rsyslog
http://www.rsyslog.com/professional-services/
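The sanitizing stage from the pipeline above, as an added example that is not from the thread or from the rsyslog or logstash projects: a wrapper around the same tr filter, a constructed sshd line carrying the raw 0xF1 byte from the "imu\361oz" username, and a check function that reports whether a stream still contains bytes outside the printable and control ranges. The function names are assumptions for this example.

```bash
#!/bin/sh
# Added example (not from the thread). Replace every byte that is neither
# printable ASCII nor an ASCII control character with '?', so a stray high
# byte in a log line cannot reach the indexer as an invalid UTF-8 sequence.
# LC_ALL=C pins the classes to single bytes (0x20-0x7E and 0x00-0x1F/0x7F)
# regardless of the caller's locale.
sanitize_log() {
    LC_ALL=C tr -c '[:print:][:cntrl:]' '?'
}

# Constructed sample: the sshd line from the thread with a raw 0xF1 byte
# (octal \361) in the username, as a login client might send it.
sample_line() {
    printf 'Feb 13 19:30:19 127.0.0.1 sshd[22862]: Invalid user imu\361oz from a.b.c.d\n'
}

# Returns 0 when stdin contains no byte outside [:print:][:cntrl:], i.e. the
# stream is safe to hand to the agent; returns 1 otherwise. Useful as a
# pre-flight check on a captured log file before enabling the pipeline.
is_clean() {
    [ "$(LC_ALL=C tr -d '[:print:][:cntrl:]' | wc -c | tr -d ' ')" -eq 0 ]
}

# Stand-alone demo: show the raw line rejected and the sanitized line accepted.
if [ "${1:-}" = "demo" ]; then
    sample_line | is_clean && echo "raw: clean" || echo "raw: contains non-ASCII bytes"
    sample_line | sanitize_log | is_clean && echo "sanitized: clean"
    sample_line | sanitize_log
fi
```

Note that this byte-level filter also mangles correctly encoded multi-byte UTF-8 (a proper "muñoz" comes out as "mu??oz"), so it trades fidelity of non-ASCII usernames for a guarantee that nothing outside 7-bit ASCII reaches the cluster.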